Uncertain Future – Part VIII – Cyberwarfare

According to the RAND Corporation, [35] cyber warfare involves the actions by a nation-state or international organization to attack and attempt to damage another nation’s computers or information networks through, for example, computer viruses or denial-of-service attacks. RAND research provides recommendations to military and civilian decision makers on methods of defending against the damaging effects of cyber warfare on a nation’s digital infrastructure because, when nations involve themselves in the acts of cracking, all bets are off. As previously mentioned, even massive companies like Sony can be leveled by a national attack. Second, we have to ask what counts as warfare. Can it really be an act of war if no one can possibly die from it? Does it matter that this was an American company? Does it change things that it is American citizens? What does retaliation look like? The truth is, we don’t have a lot of answers for this right now, but where it might lead is nerve-wracking.

Joel Brenner, a Senior Counsel at the National Security Agency, in his book America the Vulnerable, focuses on the subject of cyber warfare. He speaks at length about the vulnerabilities of the United States, some already proven and some hypothetical. One threat he poses that we may one day face comes in the form of an attack on our infrastructure. An attack centered on the Los Angeles power grid could hold half the West Coast hostage. A similar attack against the DOD or VA could publish every scrap of data on over 22 million veterans for the whole world to see. What’s worse, he showed how capabilities already exist that could do this.

He continues in his book to describe the threat posed by China. China is a special case in that, besides a cyber warfare branch of the People’s Liberation Army [36], China also has the added asset of tens of thousands of nationalistic “Patriot Hackers”. These individuals form a community of cracker groups which focus on exploiting all international information vulnerabilities, from corporate to military and even personal. This core group of international hackers has been responsible for countless patent thefts and billions in lost research and development to the benefit of Chinese corporations, but is also responsible for compromising classified information worldwide. China’s hacker community is distinctly different from that of nations like the United States, which, if a pattern could be set, would be better described as anarchistic and anti-government (remember Anonymous), and even from those in Russia, who are much more geared to cyber crime for profit. China’s hackers instead work together alongside, or at least to the benefit of, China’s national government, all while still being officially “unaffiliated” with the government for diplomatic and legal reasons. Effectively, the Chinese have a clandestine cyber national guard, growing in capabilities, and there isn’t really a thing the world can do about it.

In fact, the largest breach of security for information in an American database last year didn’t come from someone hacking some corporation to turn a quick profit. It came from China. [37] Last year, the Office of Personnel Management discovered that information on over 21 million victims had slipped into hackers’ hands. [38] The attack lasted over a year and included some 19 million people who applied for government security clearances and the information pertaining to their background checks, along with 1.8 million spouses, friends, and family members. To throw gasoline onto the fire, another 5.6 million fingerprint files of federal employees may have been lost [39], as well.

Moving westward, Russia is a concern as well. Having lost much of their technological edge in the last twenty years, they’re working to reclaim lost ground. Currently, when one thinks of Russian hackers, they are probably thinking of internet fraud and child pornography. Over the last few years, however, their capabilities have attempted to close the gap. Recently, in their ongoing conflict with Ukraine, Russian hackers were able to shut down major sections of the Ukrainian power grid. [40] More concerning, however, is Russia’s attempt to control the media from the very bottom up. With what is called the 50 Ruble Army, Russia has copied a Chinese tactic and started employing professional commenters, people who scroll the internet commenting on content that weighs negatively against Russia with links to pro-Russian content, articles, and propaganda. [41] (Oh, yeah. Did I forget that about China, too? [42]) If you speak about Russia long enough, you’ll see these guys.

But Russia and China aren’t the only concern in cyberwarfare. What surprises many is the capabilities of players that weren’t normally seen in traditional spheres of computing capability. In 2011, by all accounts, Iran was able to steal a United States CIA stealth drone, literally out of the sky. [43]

According to Iranian sources, they were able to capture the US drone by “spoofing” the onboard GPS system. After technicians were able to hack into the drone, they broke the link with the system’s remote controllers. From this point, according to the Iranian source, they simply told the drone to land on an Iranian base, believing it to be its home in Afghanistan. [44] Quite frankly, if any part of that story is true, that is a real head scratcher for the Americans. More so than that, given the relatively unharmed state of the drone, at least from the pictures, it very well could be true. As far back as 2012, GPS spoofing had been proven by researchers at the University of Texas. [45] Given the resources of an entire nation, it wouldn’t surprise me terribly if they figured it out faster than a single American college.

Granted, the loss of our drone rattled many, but it wasn’t the first attack in the Iran/American Cyber War. Nor would it be the last.

Let’s take a step back to the 1980s. Russia had poor abilities to produce microchips, and the Soviets worked to steal technology from the West, which was decades ahead of them technologically speaking. Because of a defector, the United States knew what Soviet spies were after. The Americans allowed flawed microprocessors to be stolen and their programs copied. These were made so well that they passed an initial inspection, only to break down chemical and manufacturing facilities and overpower turbines in the Trans-Siberian pipeline. When Soviet spies stole plans for gas-line pumps, they were unaware that the pumps were intentionally designed to run at much more pressure than the pipes were ever meant to handle. William Safire of the New York Times was the first to break this story, in 2004, 25 years later. In his words, “The result was the most monumental, non-nuclear explosion and fire, ever seen from space.”

Fast forward a few decades.

In January 2010, inspectors with the International Atomic Energy Agency visiting the Natanz uranium enrichment plant in Iran noticed that centrifuges used to enrich uranium gas were failing at an unprecedented rate. The cause was a complete mystery—apparently as much to the Iranian technicians replacing the centrifuges as to the inspectors observing them.

Five months later a seemingly unrelated event occurred. A computer security firm in Belarus was called in to troubleshoot a series of computers in Iran that were crashing and rebooting repeatedly. Again, the cause of the problem was a mystery. That is, until the researchers found a handful of malicious files on one of the systems and discovered the world’s first digital weapon.

Stuxnet, as it came to be known, was unlike any other virus or worm that came before. Rather than simply hijacking targeted computers or stealing information from them, it escaped the digital realm to wreak physical destruction on equipment the computers controlled.

A piece of code began showing up which became known as the Stuxnet virus, made famous for its approach to disabling Iranian nuclear refinement operations. Brenner describes why Stuxnet was so incredible. It was a worm, a self-replicating virus, which utilized not just one, but four previously unknown vulnerabilities in Microsoft operating systems to spread itself throughout a worldwide infection. Once spread, it sought out particular Siemens centrifuges, like those used by the Iranians to refine uranium, and brought them down. This virus baffled engineers for months, unaware that random system outages were really the result of advanced sabotage efforts from outside the country. What it showed was that even extremely powerful and well-defended military systems could be threatened via online attack. More perplexing, the Stuxnet virus, Brenner postulates, could only have been created by one of a very few groups who would have had the technological capability to create it, that being the national governments of either the United States, Russia, China, Israel, or one of a few members of the European Community. It goes way beyond the capability of the midnight hacker savant or the college computer science nerd out for kicks. This was a deliberate and ingeniously engineered attack conducted by nations.

Enter: The US Cyber Command. All the necessary ingredients are in place for the possibility of cyber-threats from other nations, or even cyber-terrorism. For all intents and purposes, the United States built them. For that reason, the United States military created the US Cyber Command. On June 23, 2009, the Secretary of Defense directed the Commander of U.S. Strategic Command to establish a sub-unified command, United States Cyber Command (USCYBERCOM). Full Operational Capability (FOC) was achieved Oct. 31, 2010. The Command has three main focus areas: Defending the Department of Defense’s Intelligence assets, providing support to combatant commanders for execution of their missions around the world, and strengthening our nation’s ability to withstand and respond to cyber attack. I couldn’t find a video. I don’t think they want me talking about it.

Many speculate that either the US Cyber Command, some other third party affiliated with the CIA, or even companies like Hacking Team created the Stuxnet virus, in conjunction with allies in Israel. As of yet, US Cyber Command has only once, very recently, admitted to taking part in any offensive actions. In the fight to retake Mosul, Iraq, US forces are working with allies in the region to stop ISIS on the ground, in the air, and via the web. [47]

Meanwhile, U.S. forces are waging a cyber offensive to cut or spy on ISIS communications in Mosul. Carter said cyber attacks are being used “to interrupt [and] disrupt ISIL’s command and control, to cause them to lose confidence in their networks, to overload their network so that they can’t function, and do all of these things that will interrupt their ability to command and control forces there, control the population and the economy.”

While this is the first time the US Cyber Command has been officially admitted to have been used in an act of cyber warfare, it will certainly not be the last. Along with this, many fear a future where it is needed. In an answer in a similar vein, I was once asked how vulnerable the US Naval fleet was to attack.

Future state-on-state conflict, as well as conflicts involving non-state actors such as al-Qaida, would increasingly be characterised by reliance on asymmetric warfare techniques, chiefly cyber-warfare, Chipman said. Hostile governments could hide behind rapidly advancing technology to launch attacks undetected. And unlike conventional and nuclear arms, there were no agreed international controls on the use of cyber weapons.

“Cyber-warfare [may be used] to disable a country’s infrastructure, meddle with the integrity of another country’s internal military data, try to confuse its financial transactions or to accomplish any number of other possibly crippling aims,” he said. Yet governments and national defence establishments at present have only limited ability to tell when they were under attack, by whom, and how they might respond.

The US Defence Department’s Quadrennial Defence Review, published this week, also highlighted the rising threat posed by cyber-warfare on space-based surveillance and communications systems. “On any given day, there are as many as 7 million DoD (Department of Defence) computers and telecommunications tools in use in 88 countries using thousands of war-fighting and support applications. The number of potential vulnerabilities, therefore, is staggering,” the review said.

“Moreover, the speed of cyber attacks and the anonymity of cyberspace greatly favour the offence. This advantage is growing as hacker tools become cheaper and easier to employ by adversaries whose skills are growing in sophistication.” [48]

Some of those vulnerabilities are forehead-smackingly simple, once you know where to look. “You can walk around any ship, most aircraft, and you can find either USB ports or serial ports that were put there for maintenance,” said Leigher. “They were done for good engineering reasons” — to download diagnostic data, for example — “but the engineer wasn’t thinking about computer security.” What if an enemy agent undercover as a contractor or even as a civilian on a good-will tour slipped a virus-loaded thumb drive into one of those ports? What if the bad guy simply tricked a sailor into doing it for him? [49]
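The maintenance ports Leigher describes are a detection problem as much as an engineering one: an operator wants to know the moment an unexpected storage device or serial adapter is attached. The script below is an added example, not from the original article or from any Navy system; it parses constructed Linux kernel log lines (the `usb ... New USB device found, idVendor=..., idProduct=...`, `usb-storage` and serial-converter messages the kernel actually emits) and flags any attached device whose vendor/product ID is not on a hypothetical host allowlist. The allowlist contents and the sample log are assumptions made for the example.

```python
"""Audit kernel log lines for USB devices attached to a host and flag any
that are not on an approved-maintenance-device allowlist.

Added example for illustration; the log lines and allowlist are constructed.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed sample of syslog-style kernel messages (not from a real host).
SAMPLE_LOG = """\
Mar 04 10:12:01 node1 kernel: usb 1-1: new high-speed USB device number 4 using xhci_hcd
Mar 04 10:12:01 node1 kernel: usb 1-1: New USB device found, idVendor=0781, idProduct=5583, bcdDevice= 1.00
Mar 04 10:12:01 node1 kernel: usb-storage 1-1:1.0: USB Mass Storage device detected
Mar 04 10:15:22 node1 kernel: usb 1-2: new full-speed USB device number 5 using xhci_hcd
Mar 04 10:15:22 node1 kernel: usb 1-2: New USB device found, idVendor=0403, idProduct=6001, bcdDevice= 6.00
Mar 04 10:15:22 node1 kernel: ftdi_sio 1-2:1.0: FTDI USB Serial Device converter detected
Mar 04 10:20:05 node1 kernel: usb 1-3: new high-speed USB device number 6 using xhci_hcd
Mar 04 10:20:05 node1 kernel: usb 1-3: New USB device found, idVendor=abcd, idProduct=1234, bcdDevice= 1.00
Mar 04 10:20:05 node1 kernel: usb-storage 1-3:1.0: USB Mass Storage device detected
"""

# Hypothetical allowlist: (idVendor, idProduct) pairs approved for maintenance
# on this host. Here only one serial adapter is approved; no storage device is.
ALLOWED_IDS: Set[Tuple[str, str]] = {("0403", "6001")}

# Kernel message shapes we recognise. The port (e.g. "1-1") ties the
# "New USB device found" line to the later interface-driver line.
NEW_DEV = re.compile(
    r"kernel: usb (?P<port>[\d.-]+): New USB device found, "
    r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})"
)
STORAGE = re.compile(
    r"kernel: usb-storage (?P<port>[\d.-]+):\d+\.\d+: USB Mass Storage device detected"
)
SERIAL = re.compile(
    r"kernel: (?:ftdi_sio|pl2303|cp210x) (?P<port>[\d.-]+):\d+\.\d+: .* converter detected"
)


@dataclass
class UsbEvent:
    port: str
    timestamp: str
    id_vendor: str
    id_product: str
    kind: str        # "storage" or "serial"
    allowed: bool


def audit_usb_log(log_text: str, allowed_ids: Set[Tuple[str, str]]) -> List[UsbEvent]:
    """Return one UsbEvent per storage or serial device claimed by a driver."""
    # Devices seen on a port but not yet claimed by an interface driver.
    pending: Dict[str, Tuple[str, str, str]] = {}
    events: List[UsbEvent] = []
    for line in log_text.splitlines():
        ts = line[:15]  # "Mar 04 10:12:01"
        m = NEW_DEV.search(line)
        if m:
            pending[m["port"]] = (ts, m["vid"], m["pid"])
            continue
        for kind, pattern in (("storage", STORAGE), ("serial", SERIAL)):
            m = pattern.search(line)
            if m:
                # If the enumeration line was missed, record unknown IDs rather
                # than dropping the event: an unidentified device is still news.
                ts, vid, pid = pending.pop(m["port"], (ts, "????", "????"))
                events.append(UsbEvent(m["port"], ts, vid, pid, kind,
                                       (vid, pid) in allowed_ids))
    return events


def unapproved(events: List[UsbEvent]) -> List[UsbEvent]:
    """Filter down to the events an operator should be alerted on."""
    return [e for e in events if not e.allowed]


if __name__ == "__main__":
    for e in unapproved(audit_usb_log(SAMPLE_LOG, ALLOWED_IDS)):
        print(f"ALERT {e.timestamp} port {e.port}: unapproved {e.kind} device "
              f"{e.id_vendor}:{e.id_product}")
```

Run against a live host, the same functions would be fed `journalctl -k` output instead of `SAMPLE_LOG`; the point of keying on vendor/product pairs rather than the driver name is that a storage device is never approved by accident just because it enumerates cleanly.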

U.S. computer experts playing the part of foreign hackers managed to shut down all communications among the U.S. Pacific fleet, and could have shut down the entire western half of the U.S. power grid. [50]

In that answer, given everything we know about the numerous breaks in our defenses, the capabilities of hackers across the globe, and the outdated systems of much of our Navy, it is plausible that a group of hackers who are well enough organized and with enough backing could compromise our carriers’ systems. It is possible that infected equipment could be installed on the ships themselves, since it is economically impossible to produce all the technologies built for these ships in government-controlled factories, or even all in the United States. Foreign manufacturing produces gateway points for hardware to be slipped in with infected files that could then reproduce throughout the vessel’s internal secured networks and systems. If this were to happen, it is possible that these ships could be brought down through their own control systems: locking up, halting their communications, melting down their reactors, crashing them into the rocks or even city docks, or just causing them to float dead in the water, defenseless against enemy attack and unable to protect us here at home.